Description
Unauthenticated Privilege Escalation in Paytium <= 5.0.2 versions.
Published: 2026-06-26
Score: 9.8 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An unauthenticated attacker can elevate privileges within the WordPress site by exploiting a flaw in the Paytium plugin. The weakness is classified as CWE-266 (Incorrect Privilege Assignment) and allows an attacker to gain administrative rights without authentication. This can lead to unrestricted control over payment settings, data manipulation, and potential compromise of the entire site. The impact is severe: complete loss of confidentiality, integrity, and availability of payment data and site functionality.

Affected Systems

Versions of the WordPress Paytium plugin up to and including 5.0.2 are affected. Any installation running one of these versions requires remediation.

Risk and Exploitability

The CVSS score of 9.8 indicates critical severity. Because no EPSS score is available and the vulnerability is not listed in the CISA KEV catalog, the probability of exploitation in the wild is unknown, but the combination of unauthenticated access and high severity suggests a high risk. The likely attack vector, inferred from the description, is a web-based interaction that does not require credentials. Without mitigation, attackers can immediately gain admin-level access.

Generated by OpenCVE AI on June 26, 2026 at 16:42 UTC.

Remediation

Vendor Solution

Update the WordPress Paytium Plugin to the latest available version (at least 5.0.3).


OpenCVE Recommended Actions

  • Update the Paytium plugin to version 5.0.3 or later.
  • If an immediate update is not possible, disable the Paytium plugin to eliminate the attack surface.
  • Apply access control restrictions to prevent unauthorized configuration changes, such as limiting plugin management to trusted administrators only.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 17:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Fri, 26 Jun 2026 15:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Unauthenticated Privilege Escalation in Paytium <= 5.0.2 versions. |
| Title | | WordPress Paytium plugin <= 5.0.2 - Privilege Escalation vulnerability |
| Weaknesses | | CWE-266 |
| References | | |
| Metrics | | cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'} |


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-26T17:01:36.044Z

Reserved: 2026-06-18T14:37:29.430Z

Link: CVE-2026-56030

Vulnrichment

Updated: 2026-06-26T17:01:32.715Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-26T16:45:03Z

Weaknesses
  • CWE-266: Incorrect Privilege Assignment